Quick start
Authenticate, hit a probe endpoint, see the three calls available.
1. Authenticate
Every request includes a Bearer token in the Authorization header:
Authorization: Bearer ho_live_xxxxxxxxxxxxxxxxxxxxxxxx2. Test it works
Hit /v1/usage first — it has no side effects, no LLM cost, and confirms the key works:
curl -s https://holaora.com/api/v1/usage \
-H "Authorization: Bearer ho_live_YOUR_KEY"You should get JSON back with your user_id, organization_id, plan, limits and today's quota.
3. The three endpoints
POST /api/v1/chat— send a message, get the assistant's replyGET /api/v1/usage— read your plan, limits, today's message countGET /api/v1/documents— list documents in this key's workspace
4. Workspace scoping
Each key is bound to one workspace at creation. Calls only see documents and quota counts from that workspace. To act on a different workspace, generate a separate key from the dropdown in the create form.
5. Plan & rate limits
- API access requires the Scale plan (€79/mo). See pricing or sign up to mint a key.
- Scale has unlimited daily messages — no per-key rate limit beyond that.
- If we ever return
429, back off and retry with exponential backoff.
Chat POST /v1/chat
Send a stateless chat message. RAG retrieval against the workspace knowledge base is automatic.
Send a message
POST /api/v1/chat
Authorization: Bearer ho_live_YOUR_KEY
Content-Type: application/jsonBody:
{
"messages": [
{ "role": "user", "content": "How do I cancel my subscription?" }
],
"model": "openai/gpt-4o-mini" // optional; defaults to your account model
}Curl:
curl -X POST https://holaora.com/api/v1/chat \
-H "Authorization: Bearer ho_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"messages":[{"role":"user","content":"What does HolaOra do?"}]}'Response
Plain text — the assistant's reply, end to end. Currently buffered, not server-sent-events streaming. Status 200 on success.
HolaOra is an AI customer-support assistant that answers questions
from your knowledge base across chat, embed widget, WhatsApp, and API.Errors
401— missing, malformed, revoked, or expired key429— daily message cap (Scale doesn't hit this)502— upstream LLM error; retry once with backoff
Notes
- Each call counts as one message in your daily quota.
- Conversation history is your responsibility — pass full
messages[]on every call. The endpoint is stateless. - RAG retrieval against your knowledge base happens automatically. No need to pass document context.
Usage GET /v1/usage
Read the caller workspace plan, plan limits, and today's message count. Side-effect free.
Read your plan + today's quota
GET /api/v1/usage
Authorization: Bearer ho_live_YOUR_KEYCurl:
curl -s https://holaora.com/api/v1/usage \
-H "Authorization: Bearer ho_live_YOUR_KEY"Response shape
{
"user_id": "afa1a41a-fbd3-...",
"organization_id": "6570d2cc-6380-...",
"plan": "scale",
"limits": {
"maxKnowledgeBases": null,
"dailyMessages": null,
"maxTeamMembers": 10,
"storageBytes": null
},
"usage": {
"dailyMessagesUsed": 6,
"dailyMessagesRemaining": null
}
}null in limits means unlimited. dailyMessagesUsed is scoped to the key's bound workspace, not all your activity.
Use cases
- Pre-flight before a batch job — check remaining quota.
- Build your own usage dashboard.
- Detect when a customer's plan changed (poll the
planfield).
Documents GET /v1/documents
List documents in the workspace this API key is bound to. Read-only in v1.
List your documents
GET /api/v1/documents?limit=50&offset=0
Authorization: Bearer ho_live_YOUR_KEYQuery parameters:
limit— default 50, max 200offset— default 0, for pagination
Curl:
curl -s "https://holaora.com/api/v1/documents?limit=10" \
-H "Authorization: Bearer ho_live_YOUR_KEY"Response shape
{
"documents": [
{
"id": "uuid",
"filename": "support-guide.pdf",
"source": "upload",
"created_at": "2026-04-29T08:34:12Z",
"organization_id": "6570d2cc-..."
}
],
"pagination": {
"limit": 10,
"offset": 0,
"total": 42
}
}Workspace scoping
Only documents in the workspace this key is bound to are returned. Documents in your other workspaces are invisible to this key. To list those, mint a key against the other workspace from the API keys page.
Notes
- Read-only for v1 — no upload, update, or delete via API yet.
- Use the in-product UI or the embed widget admin to manage documents.
Workspace scoping
Every ho_live_* key is bound to exactly one workspace at creation time. The binding is permanent for the life of the key — rotating a key creates a new binding; rebinding an existing key isn't supported. Calls only see documents, quota counts and conversations from the bound workspace, so a leaked key cannot pivot to other workspaces in the same account.
To act on a different workspace, mint a separate key for it. There is no per-account cap on the number of active keys.
Errors & rate limits
401 Unauthorized— missing, malformed, revoked, or expired key. Confirm the header isAuthorization: Bearer ho_live_…and the key still appears as "active" under/api-keys.403 Forbidden— plan downgrade revoked API access. Re-upgrade to Scale or stop calling.429 Too Many Requests— daily message cap. Scale is unlimited, so this normally only fires if our infrastructure is rate-limiting an upstream LLM. Retry with exponential backoff.502 Bad Gateway— upstream LLM provider error. Safe to retry once.5xxgenerally — transient. Retry with exponential backoff; alert us if it persists past a minute.
Get an API key
API access ships with the Scale plan. Sign up, mint a workspace-scoped key from /api-keys, and you can call the endpoints above in under a minute.